GhostShell doesn't quite hack South Africa

South Africa needs to be saved and freed from corruption, says Team GhostShell, and luckily it has assembled a "strong force" of hacktivists equal to the task. That force will now break into government information vaults and bring to light the evidence that will reveal corruption and nefarious doings.

But initial leaks of information related to the campaign have done little more than embarrass a handful of companies – and inconvenience innocent bystanders.

This week the group, which styles itself GhostShell and claims association with the infamous Anonymous hacker collective, published online just over a hundred separate documents with information it claims to have drawn from companies including Sasol, Woolworths, PostNet, and others.
The documents were published on various paste-bin sites, intended to allow software coders to collaborate on projects, but a favourite of those who wish to make information public with little to no chance of being traced.

In some cases the documents contained passwords for what appears to be website databases, potentially compromising those databases. But the credentials revealed do not seem to relate to critical back-end systems within those companies.

Private information published
Though the operation, dubbed "#ProjectSunRise – Africa's heart", is nominally aimed at an oppressive government and a corrupt elite, the only real victims to date were ordinary individuals whose private details were published.

"They have my cellphone number and my ID number?" asked one victim when contacted by the Mail & Guardian. "Can they use that to get into my bank accounts do you think?"

Verification of the data showed there were details of a subset of PostNet customers, as well as a list of people who worked for or applied for work at Woolworths branches, including their references.

"We have been made aware that our investor relations website, a site hosted by a third party service provider, has been compromised along with other companies'," Woolworths said in a statement in response to questions. "We are conducting a full investigation and we have closed down the site while we do this."

PostNet could not immediately be reached for comment.

People subscribed to various email lists also confirmed that their details were accurate.

Potential threat
The released information contains about 30 000 email addresses, and several thousand cellphone and ID numbers. Much of the information verified by the M&G was several years old, suggesting that it was drawn from forgotten databases with poor security.

GhostShell said the leak represented a taster of two months' worth of work, which has "managed to fingerprint the entire top business infrastructure of South Africa". It also claimed the information it obtained indicated links between Angolan business and the US CIA.

The information released contained no indication that such a link was established, or that local companies were significantly compromised.

But the initial effort might not be a good indicator of the threat the campaign could present, said security specialist Haroon Meer of consultancy Thinkst.

"For the most part we survive because people don't try too hard to behave badly," he said, when asked whether the group could represent a threat. "Someone just issued a call to behave badly."

Meer said most connected countries were vulnerable to a range of online attacks, and the impact of attacks depended largely on whether a cause could attract either the skilled few, or sufficient numbers to launch effective nuisance attacks.

Link with Anonymous
GhostShell lays claim to previous exploits involving leaked information, but its link with Anonymous is uncertain. Anonymous itself has been wildly successful in organising mediagenic attacks on high-profile targets but forms, at best, a loose collective.

Cells, including an apparent attempt at a South African chapter, often claim lineage where none exist – but are sometimes absorbed into what passed for the main body of the organisation.

" ... it was decided that a new Anonymous branch needs to be created to enforce the peoples [sic] will in [South Africa] and form an open bond with the rest of the world, just so that anyone can know at all times the current events that happen there," GhostShell said in a creed accompanying links to the leaked information from local companies. "The process is still going through some changes, but we will get there."

The group also promised the country salvation.

"If we keep our corrupt malicious government will a 1st world country be dumb enough to save us again? The answer is no they wont. [sic] But team GhostShell will, we have noticed how much you are in need of a savior [sic] not afraid of the law who can acces [sic] secure information and give it to you. Together with anonymouses [sic] #OpSAfrica team ghost shell [sic] will rid you of corruption, make all knowledge free and help South Africa out of crime, corruption and poverty. Together we can make a better South Africa for you."

Phillip de Wet

Phillip de Wet writes about politics, society, economics, and the areas where these collide. He has never been anything other than a journalist, though he has been involved in starting new newspapers, magazines and websites, a suspiciously large percentage of which are no longer in business. PGP fingerprint: CF74 7B0F F037 ACB9 779C 902B 793C 8781 4548 D165 Read more from Phillip de Wet